From 0afbcd5d168a1713c7ea854cd945f5b3a4d9dc22 Mon Sep 17 00:00:00 2001
From: ncontrerasj
Date: Wed, 9 Apr 2025 08:31:04 -0400
Subject: [PATCH] feat: base for polaris-k8s deployer image
---
deployer/DockerFile | 1 +
deployer/chart/.helmignore | 21 +++++++
deployer/chart/Chart.yaml | 4 ++
deployer/chart/templates/application.yaml | 23 ++++++++
deployer/chart/templates/deployments.yaml | 69 +++++++++++++++++++++++
deployer/chart/templates/services.yaml | 12 ++++
deployer/chart/values.yaml | 23 ++++++++
deployer/schema.yaml | 50 ++++++++++++++++
8 files changed, 203 insertions(+)
create mode 100644 deployer/DockerFile
create mode 100644 deployer/chart/.helmignore
create mode 100644 deployer/chart/Chart.yaml
create mode 100644 deployer/chart/templates/application.yaml
create mode 100644 deployer/chart/templates/deployments.yaml
create mode 100644 deployer/chart/templates/services.yaml
create mode 100644 deployer/chart/values.yaml
create mode 100644 deployer/schema.yaml
diff --git a/deployer/DockerFile b/deployer/DockerFile
new file mode 100644
index 0000000..36a3161
--- /dev/null
+++ b/deployer/DockerFile
@@ -0,0 +1 @@
+FROM gcr.io/cloud-marketplace-tools/k8s/deployer_helm/onbuild
\ No newline at end of file
diff --git a/deployer/chart/.helmignore b/deployer/chart/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/deployer/chart/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/deployer/chart/Chart.yaml b/deployer/chart/Chart.yaml
new file mode 100644
index 0000000..815b4f4
--- /dev/null
+++ b/deployer/chart/Chart.yaml
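Review bot: The `FROM` line in deployer/DockerFile names the `onbuild` base image without a tag or digest, so every build pulls whatever the registry currently serves by default and the deployer image cannot be reproduced or audited afterwards. Pin it to a released tag or, better, to a digest, for example `FROM gcr.io/cloud-marketplace-tools/k8s/deployer_helm/onbuild@sha256:DIGEST_PLACEHOLDER`. The file is also named `DockerFile`; `docker build` looks for `Dockerfile` by default, so on a case-sensitive filesystem the build needs an explicit `-f` unless the file is renamed.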
@@ -0,0 +1,4 @@
+apiVersion: v2
+description: A Helm chart for Polaris Kubernetes Offer
+name: polaris
+version: 1.0.1
diff --git a/deployer/chart/templates/application.yaml b/deployer/chart/templates/application.yaml
new file mode 100644
index 0000000..b9b1452
--- /dev/null
+++ b/deployer/chart/templates/application.yaml
@@ -0,0 +1,23 @@
+apiVersion: app.k8s.io/v1beta1
+kind: Application
+metadata:
+ name: "{{ .Release.Name }}"
+ namespace: "{{ .Release.Namespace }}"
+ labels:
+ app.kubernetes.io/name: "{{ .Release.Name }}"
+ annotations:
+ # Replace partner and partner_name
+ marketplace.cloud.google.com/deploy-info: '{"partner_id": "partner", "product_id": "polaris-k8s", "partner_name": "Partner"}'
+spec:
+ descriptor:
+ type: polaris-proxy
+ version: { { .Values.global.images.polarisProxy.image.tag } }
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: "{{ .Release.Name }}"
+ addOwnerRef: true
+ componentKinds:
+ - group: ""
+ kind: Service
+ - group: apps
+ kind: Deployment
diff --git a/deployer/chart/templates/deployments.yaml b/deployer/chart/templates/deployments.yaml
new file mode 100644
index 0000000..faa9977
--- /dev/null
+++ b/deployer/chart/templates/deployments.yaml
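Review bot: `version: { { .Values.global.images.polarisProxy.image.tag } }` under spec.descriptor in application.yaml is not a template action, because with spaces between the braces Helm leaves it as text and the YAML parser then reads it as a nested flow mapping (or rejects it) instead of a version string. The value path is also off: values.yaml defines `image` as the string `polaris-proxy` with `tag` as its sibling, so the line should read `version: "{{ .Values.global.images.polarisProxy.tag }}"`. The deploy-info annotation still carries the placeholder `partner`/`Partner` values that the comment above it asks to replace. The selector matches on `app.kubernetes.io/name`, while the Deployment and Service added in this commit are labelled only `app: polaris-proxy` or not at all, so the Application would not select them.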
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: polaris-proxy-deployment
+ labels:
+ app: polaris-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: polaris-proxy
+ template:
+ metadata:
+ labels:
+ app: polaris-proxy
+ azure-extensions-usage-release-identifier: {{.Release.Name}}
+ {{- range $key, $value := .Values.labels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ spec:
+ containers:
+ - name: polaris-proxy
+ image: {{ .Values.global.azure.images.polarisProxy.registry }}/{{ .Values.global.images.polarisProxy.image }}:{{ .Values.global.images.polarisProxy.tag }}
+ ports:
+ - containerPort: {{ .Values.polarisContainerProxyPort }}
+ env:
+ - name: PORT
+ value: "{{ .Values.polarisContainerProxyPort }}"
+ - name: POLARIS_CONTAINER_KEY_TYPE
+ value: "ephemeral"
+ - name: POLARIS_CONTAINER_WORKLOAD_BASE_URL
+ value: "{{ .Values.polarisContainerWorkloadBaseUrl }}"
+ - name: POLARIS_CONTAINER_ENABLE_INPUT_ENCRYPTION
+ value: "{{ .Values.polarisContainerEnableInputEncryption }}"
+ - name: POLARIS_CONTAINER_ENABLE_OUTPUT_ENCRYPTION
+ value: "{{ .Values.polarisContainerEnableOutputEncryption }}"
+ - name: POLARIS_CONTAINER_ENABLE_CORS
+ value: "{{ .Values.polarisContainerEnableCors }}"
+ - name: POLARIS_CONTAINER_ENABLE_LOGGING
+ value: "{{ .Values.polarisContainerEnableLogging }}"
+ resources:
+ requests:
+ cpu: {{ index .Values.resourcesLimit.cpuLimit 0}}
+ memory: {{ index .Values "resourcesLimit" "memory.Limit" 0}}
+ limits:
+ cpu: {{ index .Values.resourcesLimit.cpuLimit 1}}
+ memory: {{ index .Values "resourcesLimit" "memory.Limit" 1}}
+ readinessProbe:
+ httpGet:
+ path: /polaris-container/health
+ port: {{ .Values.polarisContainerProxyPort }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ affinity:
+ podAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: {{ .Values.customWorkloadKubernetesAppName }}
+ topologyKey: "kubernetes.io/hostname"
+ namespaceSelector: {}
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.azure.com/security-type
+ operator: In
+ values:
+ - ConfidentialVM
\ No newline at end of file
diff --git a/deployer/chart/templates/services.yaml b/deployer/chart/templates/services.yaml
new file mode 100644
index 0000000..f04ae72
--- /dev/null
+++ b/deployer/chart/templates/services.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: polaris-proxy-service
+spec:
+ selector:
+ app: polaris-proxy
+ ports:
+ - protocol: TCP
+ port: {{ .Values.polarisContainerProxyPort }}
+ targetPort: {{ .Values.polarisContainerProxyPort }}
+ type: LoadBalancer
\ No newline at end of file
diff --git a/deployer/chart/values.yaml b/deployer/chart/values.yaml
new file mode 100644
index 0000000..fff4a02
--- /dev/null
+++ b/deployer/chart/values.yaml
@@ -0,0 +1,23 @@
+title: "Polaris Proxy"
+global:
+ images:
+ polarisProxy:
+ tag: latest
+ image: polaris-proxy
+ registry: us-docker.pkg.dev/fr0ntierx-public/fr0ntierx-public-registry
+
+resourcesLimit:
+ cpuLimit:
+ - 0.25
+ - 0.5
+ memory.Limit:
+ - 128Mi
+ - 256Mi
+
+polarisContainerEnableCors: "true"
+polarisContainerEnableInputEncryption: "false"
+polarisContainerEnableOutputEncryption: "false"
+polarisContainerEnableLogging: "true"
+polarisContainerProxyPort: 3000
+polarisContainerWorkloadBaseUrl: "http://custom-workload-service:8080"
+customWorkloadKubernetesAppName: "custom-workload"
diff --git a/deployer/schema.yaml b/deployer/schema.yaml
new file mode 100644
index 0000000..3116179
--- /dev/null
+++ b/deployer/schema.yaml
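Review bot: The `image:` line in deployments.yaml reads the registry from `.Values.global.azure.images.polarisProxy.registry`, but values.yaml in this commit only defines `global.images.polarisProxy.registry`, so rendering fails on the missing `azure` key; use `image: "{{ .Values.global.images.polarisProxy.registry }}/{{ .Values.global.images.polarisProxy.image }}:{{ .Values.global.images.polarisProxy.tag }}"`. The same Azure carry-over shows in the `azure-extensions-usage-release-identifier` label and in the nodeAffinity on `kubernetes.azure.com/security-type`: on a cluster whose nodes lack that label the pod stays Pending, so the confidential-node requirement needs the label of the platform this deployer actually targets (presumably GKE, given the Marketplace base image). The container has no `securityContext`; a proxy configured with a key type and encryption switches should at least set `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, provided the image supports running that way. In the podAffinity term, `namespaceSelector: {}` matches every namespace, so a pod carrying the configured app label anywhere in the cluster satisfies the rule; drop the selector if only the release namespace is meant.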
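Review bot: `type: LoadBalancer` in services.yaml gives polaris-proxy-service an address outside the cluster on every install, while values.yaml ships with input and output encryption set to "false" and CORS set to "true", so as far as these defaults show the exposed port is not protected by the proxy's own encryption. Defaulting to `type: ClusterIP` and letting the operator opt in to external exposure would be the safer starting point. If external access is required, it would help to document which network restrictions are expected in front of the service.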
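Review bot: `tag: latest` in values.yaml makes the deployed image a moving target, because the same chart version can run different proxy code from one install to the next and nothing ties the running container to a reviewed build. Pin a released version, ideally together with a digest, e.g. `tag: "RELEASE_VERSION_PLACEHOLDER"`; the same applies to `tag: latest` under `images:` in deployer/schema.yaml. The two encryption switches default to "false"; if encryption is the reason for running the proxy on confidential nodes, shipping them enabled would be the safer default, which is worth confirming against the product's intent. `memory.Limit` has a dot in the key, which is why deployments.yaml needs the `index .Values "resourcesLimit" "memory.Limit"` form; `memoryLimit` would match `cpuLimit` and allow plain dotted access.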
@@ -0,0 +1,50 @@
+x-google-marketplace:
+ schemaVersion: v2
+
+ applicationApiVersion: v1beta1
+ # The published version is required and MUST match the tag
+ # of the deployer image
+ publishedVersion: "latest"
+ publishedVersionMetadata:
+ releaseNote: >-
+ A first release.
+ images:
+ registry: us-docker.pkg.dev
+ repository: fr0ntierx-public/fr0ntierx-public-registry
+ tag: latest
+
+properties:
+ name:
+ type: string
+ x-google-marketplace:
+ type: NAME
+ namespace:
+ type: string
+ x-google-marketplace:
+ type: NAMESPACE
+ polarisContainerEnableCors:
+ type: boolean
+ default: true
+ polarisContainerEnableInputEncryption:
+ type: boolean
+ default: false
+ polarisContainerEnableOutputEncryption:
+ type: boolean
+ default: false
+ polarisContainerEnableLogging:
+ type: boolean
+ default: true
+ polarisContainerProxyPort:
+ type: integer
+ default: 3000
+ polarisContainerWorkloadBaseUrl:
+ type: string
+ default: "http://custom-workload-service:8080"
+ customWorkloadKubernetesAppName:
+ type: string
+ default: "custom-workload"
+
+required:
+ - name
+ - namespace
+ - polarisContainerWorkloadBaseUrl
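Review bot: The comment in schema.yaml says publishedVersion must match the deployer image tag, yet it is set to `"latest"` while Chart.yaml declares `version: 1.0.1`; as far as I know the v2 schema expects a semantic version here, so `publishedVersion: "1.0.1"` with the deployer image pushed under that tag would keep the three in step. The `images:` block lists `registry`, `repository` and `tag` directly, whereas the v2 format I am aware of maps each image name to `properties` that bind values of types such as REPO_WITH_REGISTRY and TAG into the chart, so this is worth checking against the marketplace tools schema documentation. `polarisContainerProxyPort` could also take `minimum: 1` and `maximum: 65535` so that an invalid port is rejected at configuration time instead of at pod start.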